The "two-stage" malicious software was detected by Google's Play Protect, a new security feature that aims to prevent the spread of malware-laden applications. Lippizan was disbursed through "several channels," including in the Google Play Store, often hiding behind harmless-sounding app names such as "Backup" or "Cleaner."

Advertisement

Related Content

After installation, the adware would download an additional "license verification" stage, which scanned the infiltrated device and then rooted it, sending the user's private data to a command and control server. This included recording one's phone calls, recording from the device's microphone, taking screenshots and photos, stealing files and tracking location.

Lippizan could also collect personal information from popular apps like Gmail, Skype, Viber, Whatsapp, Snapchat, LinkedIn and more.

"We've enhanced Google Play Protect's capabilities to detect the targeted spyware used here and will continue to use this framework to block more targeted spyware," the Mountain View, California-based technology company said.

Google says that less than 100 devices were affected by Lippizan, which has been removed from impacted devices and blocked from infecting new devices.